From b3bbdc754025246c3de2a8e04a7ed2f085c5d19e Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Tue, 7 Jun 2022 13:21:48 +0200
Subject: feat(eidas): add attribute-mapping service to map eIDAS attributs to
 IDA attributes

---
 .../msproxyservice/MsProxyServiceConstants.java    |   5 +
 .../dto/attributes/AttrMappingElement.java         |  37 +++++
 .../dto/attributes/IdaAttribute.java               |  29 ++++
 .../msproxyservice/dto/attributes/Type.java        |  79 +++++++++
 .../service/ProxyEidasAttributeRegistry.java       | 176 +++++++++++++++++++++
 5 files changed, 326 insertions(+)
 create mode 100644 modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/AttrMappingElement.java
 create mode 100644 modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/IdaAttribute.java
 create mode 100644 modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/Type.java
 create mode 100644 modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java

(limited to 'modules/eidas_proxy-sevice/src/main/java/at/asitplus')

diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java
index fd6b45bb..a2a2e78f 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java
@@ -20,6 +20,11 @@ public class MsProxyServiceConstants {
   public static final String CONIG_PROPS_EIDAS_PROXY_NODE_FORWARD_URL = EidasConstants.CONIG_PROPS_EIDAS_NODE
       + ".proxy.forward.endpoint";
   
+  
+  public static final String CONIG_PROPS_EIDAS_PROXY_ATTIBUTE_CONFIGURATION = 
+      EidasConstants.CONIG_PROPS_EIDAS_PREFIX + ".proxy.attribute.mapping.config";
+  
+  
   // mandate configuration
   public static final String CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED = 
       EidasConstants.CONIG_PROPS_EIDAS_PREFIX + ".proxy.mandates.enabled";  
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/AttrMappingElement.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/AttrMappingElement.java
new file mode 100644
index 00000000..d6ed1147
--- /dev/null
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/AttrMappingElement.java
@@ -0,0 +1,37 @@
+
+package at.asitplus.eidas.specific.modules.msproxyservice.dto.attributes;
+
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonPropertyOrder;
+
+import lombok.Data;
+
+@JsonInclude(JsonInclude.Include.NON_NULL)
+@JsonPropertyOrder({
+    "eidasAttribute",
+    "idaAttribute",
+    "type"
+})
+@Data
+public class AttrMappingElement {
+
+  /**
+   * eIDAS specific attribute name.
+   */
+  @JsonProperty("eidasAttribute")
+  private String eidasAttributeName;
+
+  /**
+   * IDA specific attribute name.
+   */
+  @JsonProperty("idaAttribute")
+  private IdaAttribute idaAttribute;
+  
+  /**
+   * attribute characteristics.
+   */
+  @JsonProperty("type")
+  private Type type;
+  
+}
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/IdaAttribute.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/IdaAttribute.java
new file mode 100644
index 00000000..ee5fc810
--- /dev/null
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/IdaAttribute.java
@@ -0,0 +1,29 @@
+package at.asitplus.eidas.specific.modules.msproxyservice.dto.attributes;
+
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonPropertyOrder;
+
+import lombok.Data;
+
+@JsonInclude(JsonInclude.Include.NON_NULL)
+@JsonPropertyOrder({
+    "basic",
+    "withMandates"
+})
+@Data
+public class IdaAttribute {
+
+  /**
+   * IDA attribute name, in case of simple process without mandates.
+   */
+  @JsonProperty("basic")
+  private String basic;
+
+  /**
+   * IDA attribute name, in case of mandate process.
+   */
+  @JsonProperty("withMandates")
+  private String withMandates;
+  
+}
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/Type.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/Type.java
new file mode 100644
index 00000000..86ca49fa
--- /dev/null
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/Type.java
@@ -0,0 +1,79 @@
+
+package at.asitplus.eidas.specific.modules.msproxyservice.dto.attributes;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonPropertyOrder;
+import com.fasterxml.jackson.annotation.JsonValue;
+
+import lombok.Data;
+
+@JsonInclude(JsonInclude.Include.NON_NULL)
+@JsonPropertyOrder({
+    "mds",
+    "mandator"
+})
+@Data
+public class Type {
+
+  /**
+   * <code>true</code> if this attribute is part of MDS, otherwise
+   * <code>false</code>
+   */
+  @JsonProperty("mds")
+  private Boolean mds;
+
+  /**
+   * Classifie that attribute to specific mandate modes.
+   */
+  @JsonProperty("mandator")
+  private Type.Mandator mandator;
+
+  /**
+   * Mandate type in case of a mandate attriute.
+   */
+  public enum Mandator {
+    BOTH("both"),
+    LEGAL("legal"),
+    NATURAL("natural"),
+    NONE("none");
+
+    private final String value;
+    private final static Map<String, Type.Mandator> CONSTANTS = new HashMap<>();
+
+    static {
+      for (final Type.Mandator c : values()) {
+        CONSTANTS.put(c.value, c);
+      }
+    }
+
+    Mandator(String value) {
+      this.value = value;
+    }
+
+    @Override
+    public String toString() {
+      return this.value;
+    }
+
+    @JsonValue
+    public String value() {
+      return this.value;
+    }
+
+    @JsonCreator
+    public static Type.Mandator fromValue(String value) {
+      final Type.Mandator constant = CONSTANTS.get(value);
+      if (constant == null) {
+        throw new IllegalArgumentException(value);
+      } else {
+        return constant;
+      }
+    }
+
+  }
+}
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java
new file mode 100644
index 00000000..ea561c1d
--- /dev/null
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java
@@ -0,0 +1,176 @@
+package at.asitplus.eidas.specific.modules.msproxyservice.service;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URISyntaxException;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.List;
+import java.util.Objects;
+import java.util.Set;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+
+import javax.annotation.PostConstruct;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.type.CollectionType;
+import com.google.common.collect.Sets;
+
+import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry;
+import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants;
+import at.asitplus.eidas.specific.modules.msproxyservice.dto.attributes.AttrMappingElement;
+import at.asitplus.eidas.specific.modules.msproxyservice.dto.attributes.IdaAttribute;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import lombok.Getter;
+import lombok.NonNull;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class ProxyEidasAttributeRegistry {
+  
+  private static final String ATTR_CONFIG_ALL = "*";
+  
+  private static ObjectMapper mapper = new ObjectMapper();
+  
+  @Autowired IConfiguration basicConfig;
+  @Autowired ResourceLoader resourceLoader;
+
+  
+  @Getter
+  private EidasAttributeRegistry coreRegistry;
+
+  private Set<AttrMappingElement> attributeConfiguration;
+  
+  
+  /**
+   * Attribute Registry for eIDAS Proxy-Service implementation.
+   * @param registry Core attribute registry
+   */
+  public ProxyEidasAttributeRegistry(@Autowired EidasAttributeRegistry registry) {
+    this.coreRegistry = registry;
+        
+  }
+  
+  
+  /**
+   * Get all attributes that requested from IDA by default.
+   * 
+   * @param withMandates <code>true</code> if mandates are supported, otherwise <code>false</code>
+   * @return {@link Stream} of IDA specific attribute names
+   */
+  @NonNull
+  public Stream<String> getAlwaysRequestedAttributes(boolean withMandates) {
+    return attributeConfiguration.stream()
+        .filter(el -> ATTR_CONFIG_ALL.equals(el.getEidasAttributeName()))
+        .map(el -> getReleadedIdaAttribute(el.getIdaAttribute(), withMandates))
+        .flatMap(Collection::stream)
+        .filter(Objects::nonNull);
+            
+  }
+
+  /**
+   * Get IDA attributes for a specific eIDAS attribute.
+   *   
+   * @param eidasAttributeName Name of the eIDAS attribute.
+   * @param withMandates <code>true</code> if mandates are supported, otherwise <code>false</code>
+   * @return {@link Set} of IDA specific attribute names
+   */
+  @NonNull
+  public Set<String> getIdaAttributesForEidasAttribute(String eidasAttributeName, boolean withMandates) {
+    return attributeConfiguration.stream()
+        .filter(el -> el.getEidasAttributeName().equals(eidasAttributeName))
+        .findFirst()
+        .map(el -> getReleadedIdaAttribute(el.getIdaAttribute(), withMandates))
+        .orElse(Collections.emptySet())
+        .stream()
+        .filter(Objects::nonNull)
+        .collect(Collectors.toSet());
+                
+  }
+  
+  
+  @PostConstruct
+  private void initialize() throws EaafConfigurationException {
+    final String attrConfPath = basicConfig.getBasicConfiguration(
+        MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_ATTIBUTE_CONFIGURATION);
+    
+    log.debug("Initializing eIDAS <--> IDA attribute mapping from: {} ... ", attrConfPath);
+    
+    if (StringUtils.isEmpty(attrConfPath)) {
+      log.error("Error: Path to attribute-mapping config is unknown");
+      throw new EaafConfigurationException("internal.configuration.00", 
+          new Object[]{MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_ATTIBUTE_CONFIGURATION});
+      
+    }
+    
+    try {
+      // reading attribute-configuration file
+      final CollectionType javaType = 
+          mapper.getTypeFactory().constructCollectionType(List.class, AttrMappingElement.class);
+      List<AttrMappingElement> internalAttributeConfiguration = 
+          mapper.readValue(readFromFile(attrConfPath), javaType);
+      log.debug("Found #{} eIDAS <--> IDA attribute-mappings . Starting import process ...  ", 
+          internalAttributeConfiguration.size());
+      
+      // post-validation of attribute configuration
+      attributeConfiguration = internalAttributeConfiguration.stream()
+          .filter(el -> checkEidasAttributeName(el))
+          .collect(Collectors.toSet());        
+      log.info("Load {} eIDAS <--> IDA attribute-mappings into attribute-registry", attributeConfiguration.size());
+                  
+    } catch (Exception e) {
+      log.error("Error reading eIDAS <--> IDA attribute-mapping configuration file", e);
+      throw new EaafConfigurationException("internal.configuration.01",
+          new Object[]{MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_ATTIBUTE_CONFIGURATION, 
+              "Error reading Configurations file"}, e);
+      
+    }    
+  }
+  
+  private Set<String> getReleadedIdaAttribute(IdaAttribute el, boolean withMandates) {
+    return withMandates 
+        ? Sets.newHashSet(el.getBasic(), el.getWithMandates())
+        : Sets.newHashSet(el.getBasic());
+       
+  }
+  
+  private boolean checkEidasAttributeName(AttrMappingElement el) {
+    if (StringUtils.isNotEmpty(el.getEidasAttributeName())) {
+      if (ATTR_CONFIG_ALL.equals(el.getEidasAttributeName()) 
+          || coreRegistry.getCoreAttributeRegistry().getByName(el.getEidasAttributeName()) != null) {
+        return true;
+            
+      } else {
+        log.warn("eIDAS attribute: {} is UNKNOWN by eIDAS node. Ignore it!", el.getEidasAttributeName());
+        
+      }
+      
+    } else {
+      log.warn("Find attribute-mapping element WITHOUT eIDAS attribute-name. Ignore it!");
+      
+    }
+    
+    return false;
+  }
+   
+  private byte[] readFromFile(final String filePath) throws URISyntaxException, IOException {
+    final String fullFilePath = FileUtils.makeAbsoluteUrl(filePath, basicConfig.getConfigurationRootDirectory());
+    final Resource ressource = resourceLoader.getResource(fullFilePath);
+    final InputStream is = ressource.getInputStream();
+    final byte[] result = IOUtils.toByteArray(is);
+    is.close();
+    return result;
+    
+  }
+  
+  
+}
-- 
cgit v1.2.3